Privacy Policy

Version 1.1

Updated: 22nd March 2019.

Maintaining your privacy and your trust is very important. We strive to be especially clear on how we use your personal information if and when we collect it, and on the ways in which we can work together to protect your privacy.

For compliance with the Data Protection legislation of the United Kingdom (UK) & General Data Protection Regulation (also known as Regulation (EU)2016/679 or “GDPR”) this Privacy Policy explains the:

Identity and contact information of the data controller

Purpose of the processing and the lawful basis for the processing

Legitimate interests of the data controller or third party (if applicable)

Categories of personal data to be processed

Details of whether personal data came from direct or indirect sources

Recipients or categories of recipients of the personal data

Details of data transfers to a third country and safeguards

Length of time personal data is processed and any criteria used to establish the length of time the data is processed

Data Subject’s Rights (Your rights)

Right to complain to the supervisory authority/regulator

Details of any part of a statutory or contractual requirement and possible consequences of failing to provide the personal data

The existence of any automated decision making, including profiling and information about how decisions are made

What products and services are covered by this policy?

This Privacy Policy applies to the information that we may obtain from you through information exchanged at our meetings and your use of our website(s), collectively called the “Services”. If you have any questions or need more information about these Services, please contact us at the email address in the section below.

Data Controller

For the purposes of the data protection & privacy legislation the members of the group are Joint Data Controllers

North Devon Networking Group (“I”,”we,” “us,” “our”)Legal Status : Business Networking Group, no legal status in its own right.

We may also use the information we collect for other purposes about which we notify you in subsequent versions of this document.

The Lawful Bases for processing personal data.

We only process personal data on the basis that such processing is/where :-

The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

necessary in order to enter into or perform a contract for our service(s) and/or;

necessary for compliance with a legal obligation to which the controller is subject and/or;

on the basis we have a legitimate interest which is not overridden by the rights or freedoms of the affected data subjects.

What information do we collect from you, and how is it used?

Direct:

You can visit our website without telling us who you are and without revealing any personal information about yourself. To provide full service however, we will most often need to collect some personal information. For instance, we collect information about you when you register for an account and when you create or modify your personal data on one of our Services. The types of Information we collect may include email address, country of residence, and (optionally) your name and phone number.

Indirect:

From cookies: We may also collect “cookie” information that we may save to your computer or mobile device. Cookies are small data files stored on your hard drive or in device memory. We use cookies to improve and customise our Services and your experience; to allow you to access and use our Services without re-entering your username or password; to log visits and to understand which areas and features of the Services are most popular. We may also associate the information we store in cookies with personal information you submit while using our Services. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of our Services.

Logs: We may record certain information and store it in log files when you interact with our Services. This information may include Internet protocol (IP) or other device addresses or ID numbers as well as browser type, Internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, your mobile carrier, and system configuration information.

Analytics: We and our analytics providers also collect and store analytics information when you use our Services to help us improve our Services. We make sure this data is anonymous by not connecting any analytics data to personally identifiable data such as a name, email address, physical address, or phone number.

How might we share information?

We are not in the business of selling your personal information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your personal information with third party data processors, as set forth below:

With your consent: We will not share your personal information with companies, organisations, or individuals who are not associated with us unless we have your affirmative consent to do so.

Newsletter Service: We use a commercial application to facilitate our newsletter service.

Compliance with Laws and Law Enforcement Requests; Protection of Our Rights: We may disclose your information (including your personal information) to a third party if:

We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request

To protect the security or integrity of our products and services

To protect our property, rights, and safety and that of our customers or the public from harm or illegal activities

To respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person; or

To investigate and defend ourselves against any third-party claims or allegations.

Business Transfers:

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will notify you of such a change in ownership or transfer of assets by posting a notice on our website.

Data Transfers

The data controller does not transfer personal data outside of the United Kingdom or European Union, apart from the following exceptions where indicated below.

Data Processor Information

As a business network membership group, certain members perform duties including processing personal data on behalf of the group and therefore they are not data processors, they are doing so under the guidance and direction of the Data Controller.

All data processors acting on behalf of the data controller have appropriate safeguards in place.

The following independant third-party service providers are used by us and only process data in accordance with the instructions from the data controller:–

Name

Service

Country

The Rocket Science Group LLC

Newsletter

USA

EasySpace Ltd

Website Hosting

United Kingdom

How Long Will We Keep The Personal Data?

Retaining some data may be subject to a statutory retention period and this must be adhered to, (to keep certain data for a minimum period of time). This may include personal data (name, address, contact details), but on expiry of such statutory requirement, such data will be destroyed securely. Where possible any personally identifiable data will be anonymised or pseudonymised.

Your information we use for marketing purposes will be kept with us until you notify us that you no longer wish to receive this information. Our backup routine keeps data for a rolling 30 day period after which time the data is removed from all systems.

Statutory or other requirements

The data controller does not process personal data in respect of any statutory requirement, nor require personal data to be supplied as part of any contractual agreement, however in respect of the controllers services, certain communications may not be possible without such personal data being supplied, for example an email to furnish with updates information etc.

No profiling or automatic decision making processes are undertaken by the data controller in respect of any personal data processing activities.

Your Rights

Your fundamental rights as a Data Subject are:

The right to be informed

The right of access

The right of rectification

The right of erasure (often known as the right to be forgotten)

The right to prevent processing

The right to data portability

The right to object

Rights in relation to automatic decision making and profiling

Under the right of access (2), you have the right to obtain:-

confirmation that your data is being processed;

access to your personal data; and

other supplementary information

So that you are aware of and can verify the lawfulness of the processing

Your right to access can be exercised by contacting the data controller as above.

Please note that not all fundamental rights are absolute.

ICO Information : Complaints

You have the right to complain about organisations processing your personal data. You can exercise this right by contacting the supervisory authority of the data controller as follows:-

Privacy Overview

This is a strictly necessary category under the Privacy and Electronic Communications Regulations (PECR) (and also known as ‘the e-privacy Directive’) and therefore is an exemption under the GDPR Article 6(1)(a) Consent.